Project

General

Profile

Actions

Bug #1929

closed

All files created with world-writable permissions

Added by Dominic Cleal about 12 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Packaging
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

The proxy daemon runs with a umask of 0:

(gdb) call umask(0)
$1 = 0

The files and directories it creates all have world-writable bits set, which is dangerous:

-rw-rw-rw-. 1 foreman-proxy foreman-proxy 104 Nov  7 14:51 /var/log/foreman-proxy/access.log
drwxrwxrwx. 2 foreman-proxy foreman-proxy     4096 Oct 28 22:07 /var/lib/tftpboot/boot
-rw-rw-rw-. 1 foreman-proxy foreman-proxy 24337760 May 22 20:55 /var/lib/tftpboot/boot/Fedora-17-x86_64-initrd.img
-rw-rw-rw-. 1 foreman-proxy foreman-proxy  4662160 May  7  2012 /var/lib/tftpboot/boot/Fedora-17-x86_64-vmlinuz
drwxrwxrwx. 2 foreman-proxy foreman-proxy     4096 Oct 28 22:34 /var/lib/tftpboot/pxelinux.cfg
-rw-rw-rw-. 1 foreman-proxy foreman-proxy      161 Oct 28 21:19 /var/lib/tftpboot/pxelinux.cfg/default
Actions

Also available in: Atom PDF